Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

Valid

Reported on

Jun 30th 2021

✍️ Description

The path is vulnerable to ssrf via svg file upload

upload an SVG file with SSRF payload in it. open option on the file and open with browser.

redirect host via ssrf

page.js L4

We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back 2 years ago

commented 2 years ago

Maintainer

allow http on server; such as download a file from same server.

warlee validated this vulnerability 2 years ago

Ajmal Aboobacker has been awarded the disclosure bounty

The fix bounty is now up for grabs

warlee marked this as fixed with commit baf467 2 years ago

warlee has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation